Signature Detail

SCAN: Core Impact Media Player IE Zone Bypass Exploit

This signature detects access to a Web page that is infected by the CORE Impact Media Player Internet Explorer Zone Bypass exploit. The Level0 CORE Impact agent can infect target hosts that visit the Web page.

Extended Description

It has been reported by a reliable source that a method exists for evading the Zone based access control model used by Microsoft Internet Explorer. This technique reportedly relies on a flaw in Windows Media Player that allows for untrusted content to access the Local Zone.

Affected Products

• Microsoft Internet Explorer 5.0
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 For Windows 2000
• Microsoft Internet Explorer 5.0.1 For Windows 95
• Microsoft Internet Explorer 5.0.1 For Windows 98
• Microsoft Internet Explorer 5.0.1 For Windows NT 4.0
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0 For Windows 2000
• Microsoft Internet Explorer 5.0 For Windows 95
• Microsoft Internet Explorer 5.0 For Windows 98
• Microsoft Internet Explorer 5.0 For Windows NT 4.0
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 Preview
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft Windows Media Player 6.3
• Microsoft Windows Media Player 6.4
• Microsoft Windows Media Player 7.0
• Microsoft Windows Media Player 7.1
• Microsoft Windows Media Player 8.0
• Microsoft Windows Media Player 9.0
• Microsoft Windows Media Player XP

References

• BugTraq: 8263
• CVE: CVE-2003-0838
• URL: http://www.microsoft.com/technet/security/bulletin/MS03-040.mspx
• URL: http://support.microsoft.com/default.aspx?scid=kb;en-us;828026